Around 1,500 apps for iPhone and iPad contain an HTTPS vulnerability making it ‘trivial’ for hackers to perform man-in-the-middle attacks to steal passwords, bank details and other private information.

Introduction As the sun is setting and I breathe some of the night time air I am inspired to write about Facebook. Yes, *the* Facebook, the third largest country if it were a physical place with boundaries under a common rule of law and government. When many people use a service such as this, it

An article came out yesterday from Clement Genzmer who is a security engineer at Facebook. His tagline is "searching and destroying malicious links". Those of us in the business of digital security and safety can certainly identify with that, especially the part where we aim to identify the criminals and work with law enforcement to

Recently Senator Schumer from New York wrote a letter (http://www.infosecurity-us.com/view/16328/senator-schumer-current-internet-security-welcome-mat-for-wouldbe-hackers/) to Twitter, Yahoo, and Amazon asking them to make SSL the default for internet connections. What this means is that instead of an http connection they should provide and https connection by default. This is important because with http connections you are exposed to risk

Update 6/1/2011: Paul Laudanski has published an extensive guide to Facebook privacy, which is quite a remarkable feat since there is precious little privacy on Facebook :) Little privacy, but a whole lot of settings! Check it out at http://blog.eset.com/2011/05/25/facebook-privacy Facebook comes up a lot in this blog. Recently I wrote about the Hidden Face

Facebook actually does have some exceptionally talented security professionals. They have almost no depth in privacy, but they have real security talent. A part of the problem is that the Facebook culture is anti-security and that is a very tough obstacle for their security professionals. Facebook security is by marketing design. Take a look at

My colleague Urban Schrott, from ESET Ireland, wrote a nice feature article for our monthly ThreatSense report (which should be available shortly on the Threat Center page at http://www.eset.com/threat-center) on seasonal scams. As the scam season is starting to get into full swing, we thought it might be good to give it a wider audience here.

[Part 9 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series is now available as a white paper at http://www.eset.com/download/whitepapers.php.] Be Wireless, not Careless Don’t connect to just any “free Wi-Fi” access point: it might alter your DNS queries or be the “evil twin” of